Skip to main content
Springer Nature Link
Log in

RATLS: Integrating Transport Layer Security with Remote Attestation

  • Conference paper
  • First Online:
Applied Cryptography and Network Security Workshops (ACNS 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13285))

Included in the following conference series:

Abstract

We present RATLS, a companion library for OpenSSL that integrates the Trusted Computing concept of Remote Attestation into Transport Layer Security (TLS). RATLS builds upon handshake extensions that are specified in version 1.3 of the TLS standard. It therefore does not require any changes to the TLS protocol or the OpenSSL library, which offers a suitable API for handshake extensions. RATLS supports remote attestation as part of a complete TLS handshake for new connections and it augments session resumption by binding session tickets to the platform state of TLS peers. We demonstrate that RATLS enables both client and server to attest their respective software stacks using widely-used Trusted Platform Modules. Our evaluation shows that the number of round trips during handshake is the same as for traditional TLS and that session resumption can reduce cryptographic overhead caused by remote attestation for frequently communicating peers.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    TLS v1.2 supports extensions, too, but on fewer message types than TLS v1.3.

  2. 2.

    Some implementations use symmetric keys or a physically unclonable function (PUF) instead, but the general concept is the same.

  3. 3.

    There are implementations of remote attestation that are software only, but they assume a weaker attacker model.

References

  1. Intel Software Guard Extensions (Intel SGX). https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html. Accessed 1 May 2022

  2. OpenSSL. https://www.openssl.org/

  3. The Trusted Computing Group - TPM Software Stack (TSS). https://trustedcomputinggroup.org/work-groups/software-stack/

  4. The Trusted Computing Group - Trusted Platform Module (TPM). https://trustedcomputinggroup.org/work-groups/trusted-platform-module/

  5. TSS.MSR. https://github.com/microsoft/TSS.MSR

  6. Duan, H., Wang, C., Yuan, X., Zhou, Y., Wang, Q., Ren, K.: LightBox: full-stack protected stateful middlebox at lightning speed, pp. 2351–2367 (2019). https://doi.org/10.1145/3319535.3339814

  7. Kim, S., Shin, Y., Ha, J., Kim, T., Han, D.: A first step towards leveraging commodity trusted execution environments for network applications (2015). https://doi.org/10.1145/2834050.2834100

  8. King, G., Wang, H.: HTTPA: HTTPS attestable protocol. CoRR abs/2110.07954 (2021). https://arxiv.org/abs/2110.07954

  9. Knauth, T., Steiner, M., Chakrabarti, S., Lei, L., Xing, C., Vij, M.: Integrating remote attestation with transport layer security. CoRR abs/1801.05863 (2018). http://arxiv.org/abs/1801.05863

  10. Rescorla, E.: The transport layer security (TLS) protocol version 1.3. RFC 8446, RFC Editor, August 2018. https://www.rfc-editor.org/rfc/rfc8446.txt

  11. Zheng, H., Arden, O.: Building secure distributed applications the DECENT way. CoRR abs/2004.02020 (2020). https://arxiv.org/abs/2004.02020

Download references

Acknowledgements

This research was co-financed by public funding of the state of Saxony/Germany. It has also received funding from the European Union’s Horizon 2020 research and innovation program under grant agreement No. 957216.

Author information

Authors and Affiliations

  1. Technische Universität Dresden, Dresden, Germany

    Robert Walther

  2. Barkhausen Institut, Dresden, Germany

    Carsten Weinhold & Michael Roitzsch

Authors
  1. Robert Walther
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Carsten Weinhold
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Michael Roitzsch
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Carsten Weinhold .

Editor information

Editors and Affiliations

  1. Singapore University of Technology and Design, Singapore, Singapore

    Jianying Zhou

  2. University of Bristol, Bristol, UK

    Sridhar Adepu

  3. University of Malaga, Malaga, Spain

    Cristina Alcaraz

  4. Radboud University Nijmegen, Málaga, The Netherlands

    Lejla Batina

  5. Sapienza University of Rome, Rome, Roma, Italy

    Emiliano Casalicchio

  6. Singapore University of Technology and Design, Singapore, Singapore

    Sudipta Chattopadhyay

  7. Centrum Wiskunde & Informatica, Amsterdam, The Netherlands

    Chenglu Jin

  8. University of Science and Technology of China, Hefei, China

    Jingqiang Lin

  9. University of Padua, Padua, Italy

    Eleonora Losiouk

  10. Concordia University, Montreal, QC, Canada

    Suryadipta Majumdar

  11. Technical University Denmark, Kongens Lyngby, Denmark

    Weizhi Meng

  12. Delft University of Technology, Delft, The Netherlands

    Stjepan Picek

  13. Zhejiang Gongshang University, Hangzhou, China

    Jun Shao

  14. University of Aizu, Aizu-Wakamatsu, Japan

    Chunhua Su

  15. City University of Hong Kong, Hong Kong, Hong Kong

    Cong Wang

  16. Delft University of Technology, Delft, The Netherlands

    Yury Zhauniarovich

  17. Rutgers University, Piscataway, NJ, USA

    Saman Zonouz

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Walther, R., Weinhold, C., Roitzsch, M. (2022). RATLS: Integrating Transport Layer Security with Remote Attestation. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2022. Lecture Notes in Computer Science, vol 13285. Springer, Cham. https://doi.org/10.1007/978-3-031-16815-4_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-16815-4_20

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-16814-7

  • Online ISBN: 978-3-031-16815-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation